Re: [TLS] Query regarding generating client_write_key.
Joshua Davies <joshua.davies.tx@gmail.com> Wed, 28 September 2011 16:30 UTC
Return-Path: <joshua.davies.tx@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 660931F0C86 for <tls@ietfa.amsl.com>; Wed, 28 Sep 2011 09:30:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.765
X-Spam-Level:
X-Spam-Status: No, score=-2.765 tagged_above=-999 required=5 tests=[AWL=-0.833, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, SARE_HTML_USL_OBFU=1.666]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ktpU0B8aP0dt for <tls@ietfa.amsl.com>; Wed, 28 Sep 2011 09:30:24 -0700 (PDT)
Received: from mail-yi0-f44.google.com (mail-yi0-f44.google.com [209.85.218.44]) by ietfa.amsl.com (Postfix) with ESMTP id 2FD871F0C85 for <tls@ietf.org>; Wed, 28 Sep 2011 09:30:24 -0700 (PDT)
Received: by yic13 with SMTP id 13so7784225yic.31 for <tls@ietf.org>; Wed, 28 Sep 2011 09:33:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9GdOPvatwbYUGNCGFdhhlRYLbChVoShIaJOCGYsiGJo=; b=VQuIdnClfc/avXyp2Q0iu8KY2QzOfqTbzgHM6wXDeky/uO38MFehBMmuFn+bglYyur Pf2FEQLTP8m8LbnZQGwBe3jOcJjUXDEanRoNZsRKPlJ1TSr3fs4jo4SZh8CxAHTikPgJ 70ZoorQKLfaJ8/PvflxL4goBrL72evyQbbMUk=
MIME-Version: 1.0
Received: by 10.68.27.102 with SMTP id s6mr44998115pbg.43.1317227592139; Wed, 28 Sep 2011 09:33:12 -0700 (PDT)
Received: by 10.142.88.9 with HTTP; Wed, 28 Sep 2011 09:33:12 -0700 (PDT)
In-Reply-To: <4E818EF3.4090206@netscout.com>
References: <4E818EF3.4090206@netscout.com>
Date: Wed, 28 Sep 2011 11:33:12 -0500
Message-ID: <CADwpFrD5S9wRQuxq2aGsGtQOkE=NnJMUA10vxxY9jV3=iNTPAA@mail.gmail.com>
From: Joshua Davies <joshua.davies.tx@gmail.com>
To: nilesh <nilesh.tayade@netscout.com>
Content-Type: multipart/alternative; boundary="bcaec520f1c7b7c2be04ae02f265"
Cc: tls@ietf.org
Subject: Re: [TLS] Query regarding generating client_write_key.
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Sep 2011 16:30:25 -0000
Are you implementing TLS 1.0/1.1 or TLS 1.2? The PRF changed in 1.2. The PRF is by far the most complex part of the implementation - if you really want to understand it, I'd recommend chapter 6 of my book ; ) However, you can download the companion source code for free from http://media.wiley.com/product_ancillary/16/04709204/DOWNLOAD/920411%20implementing_ssl_gcc.zip; take a look at the ch06/prf.c file. It was written to be as straightforward and self contained as possible, and it includes a standalone main routine that you can use to pass in arbitrary secrets/seeds/labels and see exactly what the PRF function generates. On Tue, Sep 27, 2011 at 3:53 AM, nilesh <nilesh.tayade@netscout.com> wrote: > Hi, > > I am new to the TLS/Cryptography and started working on decrypting the > packets over SSL/TLS. > I have followed the RFC2246, 5246. > > To start decoding the packets, I need to have symmetric keys > (client_write_key/server_**write_key). > I have the key_block, IV and MAC. As per the rfc: > > client_write_key = PRF{key_block[32..36], client_random, server_random, > some_string}[0..31]; > And I have started writing PRF (pseudo-random function) somewhat like: > > <snip> > /* > input : has 5bytes data i.e. key_block[32..36]; > salt1 == client_random, salt2 == server_random, salt = 'A'. > */ > for (i = 0; i < 2; i++) > { > MD5_Init(&md5); > MD5_Update(&md5, (unsigned char *) &input[0], 3); > // MD5_Update(&md5, shasig, 20); > MD5_Final((unsigned char *)&md, &md5); > > SHA1_Init(&sha); > SHA1_Update(&sha, pad, i + 1); > SHA1_Update(&sha, (unsigned char *) &input[2], 3); > SHA1_Update(&sha, salt1, 32); > SHA1_Update(&sha, salt2, 32); > SHA1_Final(shasig, &sha); > } > </snip> > > Now, we need to XOR the md and shasig to get the bytes in client_write_key. > > Queries: > 1. The md5 generates 16bytes and SHA1 generates 20bytes so xor will be > 20bytes. > But the key we expect should be 32bytes (iterated the MD5/SHA1 twice for > that). How could this be achieved? > 2. Any suggestions on if the PRF() is designed somewhere? Pointers on how > it could be designed? > > I tried several ways, but getting the wrong key. Could someone please > advice? > > -- > Thanks, > Nilesh > ______________________________**_________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/**listinfo/tls<https://www.ietf.org/mailman/listinfo/tls> >
- [TLS] Query regarding generating client_write_key. nilesh
- Re: [TLS] Query regarding generating client_write… Simon Josefsson
- Re: [TLS] Query regarding generating client_write… Joshua Davies
- Re: [TLS] Query regarding generating client_write… Joshua Davies
- Re: [TLS] Query regarding generating client_write… nilesh